Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Google Safe Browsing (High Level)

Google Safe Browsing (High Level)

What is it? How does Firefox use it? How can you use it as a web developer?

luke crouch

January 15, 2018
Tweet

More Decks by luke crouch

Other Decks in Technology

Transcript

  1. View Slide

  2. • What is SafeBrowsing?
    • How we (Firefox) use SafeBrowsing
    • How you can use SafeBrowsing

    View Slide

  3. What is Safe Browsing?
    safebrowsing.google.com

    View Slide

  4. It’s a free service
    operated by Google
    • It hosts lists of urls
    • malware
    • other unwanted software
    • phishing / social engineering
    • It’s used by Android, Gmail, Ads, Search, Chrome,
    Firefox, Safari, Opera

    View Slide

  5. visiting malware url
    in Firefox

    View Slide

  6. visiting unwanted software url
    in Firefox

    View Slide

  7. visiting phishing url
    in Firefox

    View Slide

  8. How are urls
    added to the lists?

    View Slide

  9. phishing url

    View Slide

  10. submit to Safe Browsing
    https://safebrowsing.google.com/safebrowsing/
    report_badware/?hl=en

    View Slide

  11. submit from Firefox
    Help → Report Deceptive Site

    View Slide

  12. submit from Firefox

    View Slide

  13. How many sites
    are in the lists?

    View Slide

  14. https://transparencyreport.google.com/safe-browsing/overview

    View Slide

  15. https://transparencyreport.google.com/safe-browsing/overview

    View Slide

  16. https://transparencyreport.google.com/safe-browsing/overview

    View Slide

  17. https://transparencyreport.google.com/safe-browsing/overview

    View Slide

  18. How often do people
    encounter these sites?

    View Slide

  19. https://transparencyreport.google.com/safe-browsing/overview

    View Slide

  20. How does
    use Safe Browsing?

    View Slide

  21. https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/

    View Slide

  22. Firefox extension
    2005

    View Slide

  23. added to Firefox
    2006

    View Slide

  24. Checking “live” adds too
    much latency to page loads
    • Firefox gets new bad urls from Google every 30m
    • Before displaying a page to a user, check local db

    View Slide

  25. The whole list is too big to
    download
    • each URL is canonicalized
    • then hashed
    • only the first 32 bits are kept

    View Slide

  26. False positives
    • Many urls could have the same 32-bit hash prefix
    • Get all the full hashes with the 32-bit prefix from
    the server
    • If page doesn’t match a full hash, it’s not on the
    list

    View Slide

  27. Download protection
    • Download the file
    • Check the main url, referrer and redirect chain against
    local blocklist; block if match
    • (Windows) if signed, check signature against allow-list
    of good publishers
    • If file is not binary, allow
    • If binary, send metadata to application reputation
    server

    View Slide

  28. What metadata?
    • filename
    • filesize
    • sha256 hash
    • locale

    View Slide

  29. Privacy
    • Browsers don't send all visited urls to Google
    • Safe Browsing data is never used anywhere else at
    Google
    • Firefox removes query string params from download
    check
    • Firefox stores Safe Browsing cookies in separate storage
    • Firefox adds a number of extra “noise” 32-bit hashes
    when requesting complete hashes

    View Slide

  30. How can you use it?

    View Slide

  31. developers.google.com/safe-browsing

    View Slide

  32. Need to get
    your site off the list?
    https://support.google.com/webmasters/answer/3258249?hl=en&ref_topic=4596795

    View Slide

  33. https://developers.google.com/safe-browsing/v4/lookup-api

    View Slide

  34. https://developers.google.com/safe-browsing/v4/update-api

    View Slide